1. Caddy version (caddy version):
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o= - official caddy debian repo version
2. How I run Caddy:
systemctl start caddy
(using the caddyfile in /etc/caddy/Caddyfile)
a. System environment:
Running Debian 11
prosody-filer v1.0.2
Using systemd
System up to date
b. Command:
systemctl start/restart caddy
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. Caddyfile or JSON config:
I am showing only the relevant bit since I don’t have anything configured that could affect this as a global setting.
This config half works: the PUT request is being made, but the HTTP server that handles the upload behind the proxy reports that the HMAC signature is missing.
upload.domain.tld {
	reverse_proxy localhost:5050
}
3. The problem I’m having:
I am running an upload service using HMAC for authentication; the server I am using for this is prosody-filer. I have to mention that the secret is correctly set up in both the server and the “client”. The thing is that the signature is missing, especially since it seems to connect but it’s rejected by the upload server.
4. Error messages and/or full log output:
Error message of my http upload server:
2022/12/11 03:36:31 Incoming request: PUT /external/IXlPedub60p9791/20221210_213546818_62b1.jpg?token=14553edeaa1a36243cdbd2504063b04ef62081fc2d1d9dc974a6b1fb161ce79d
2022/12/11 03:36:31 Error: No HMAC attached to URL.
Curl response for the address my service is behind:
~ ❯❯❯ curl -v domain.tld
* Trying $SERVER_IP:80...
* Connected to domain.tld ($SERVER_IP) port 80 (#0)
> GET / HTTP/1.1
> Host: domain.tld
> User-Agent: curl/7.86.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://domain.tld/
< Server: Caddy
< Date: Sun, 11 Dec 2022 03:41:25 GMT
< Content-Length: 0
<
* Closing connection 0
5. What I already tried:
I haven’t tried a lot since I really don’t know how to handle HMAC in Caddy and there is not a lot of documentation about it. I saw some plugins and some directive related to load balancing, but nothing completely related to the issue I am having.
However, I did try to adapt the nginx example configuration they provide (they are in the README of the GitHub repo). What I tried, which was restricting and handling specific paths like /upload, didn’t even let me upload; it didn’t “route”. With the plain reverse proxy it did, and that’s why I left it like that. I am looking for guidance and assistance with translating the Apache and nginx config files to Caddy, since I know Caddy a bit but not the other servers.
6. Links to relevant resources:
Http Upload server - https://github.com/ThomasLeister/prosody-filer
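
A backend that reads its HMAC from one query-parameter name reports the signature as missing, rather than invalid, when the request carries a signature-like value under a different name, which is worth ruling out before changing the proxy config. The sketch below is an added example, not code from this post or from prosody-filer; the parameter name `v`, the signed message layout `"<path> <content-length>"`, the secret and the paths are all assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
)

// Assumption for this example: the backend looks for the signature in "v".
const sigParam = "v"

var (
	ErrNoHMAC  = errors.New("no HMAC attached to URL")
	ErrBadHMAC = errors.New("invalid HMAC")
)

// Sign returns the hex HMAC-SHA256 of "<filePath> <size>" (assumed layout).
func Sign(secret, filePath string, size int64) string {
	m := hmac.New(sha256.New, []byte(secret))
	fmt.Fprintf(m, "%s %d", filePath, size)
	return hex.EncodeToString(m.Sum(nil))
}

// CheckUpload validates the signature carried in the request URI's query.
func CheckUpload(secret, requestURI string, size int64) error {
	u, err := url.ParseRequestURI(requestURI)
	if err != nil {
		return err
	}
	got := u.Query().Get(sigParam)
	if got == "" {
		return ErrNoHMAC // parameter absent: nothing to verify
	}
	// Constant-time comparison of the supplied and expected signatures.
	if !hmac.Equal([]byte(got), []byte(Sign(secret, u.Path, size))) {
		return ErrBadHMAC
	}
	return nil
}

func main() {
	// Constructed sample values, not taken from the log above.
	secret, path, size := "constructed-secret", "/external/abc/photo.jpg", int64(1024)
	sig := Sign(secret, path, size)
	fmt.Println(CheckUpload(secret, path+"?token="+sig, size)) // value under another name
	fmt.Println(CheckUpload(secret, path+"?v="+sig, size))     // value under the expected name
}
```

Comparing the query string in the proxy's access log with the one in the backend's "Incoming request" line shows whether the proxy changed anything in between.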